rpms/php
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import php-8.0.13-2.el9_0

Browse Source
This commit is contained in:
CentOS Sources 2022-08-04 05:54:58 -04:00 committed by Stepan Oksanichenko
parent 2ac4efb06f
commit 6ef0bfa81a
2 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
SOURCES/php-CVE-2022-31626.patch Normal file
View File

@ -0,0 +1,23 @@
From 58006537fc5f133ae8549efe5118cde418b3ace9 Mon Sep 17 00:00:00 2001
From: Stanislav Malyshev <smalyshev@gmail.com>
Date: Mon, 6 Jun 2022 00:56:51 -0600
Subject: [PATCH] Fix bug #81719: mysqlnd/pdo password buffer overflow
---
ext/mysqlnd/mysqlnd_wireprotocol.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ext/mysqlnd/mysqlnd_wireprotocol.c b/ext/mysqlnd/mysqlnd_wireprotocol.c
index 87b2e7c31331..e4a298adaea4 100644
--- a/ext/mysqlnd/mysqlnd_wireprotocol.c
+++ b/ext/mysqlnd/mysqlnd_wireprotocol.c
@@ -771,7 +771,8 @@ php_mysqlnd_change_auth_response_write(MYSQLND_CONN_DATA * conn, void * _packet)
MYSQLND_VIO * vio = conn->vio;
MYSQLND_STATS * stats = conn->stats;
MYSQLND_CONNECTION_STATE * connection_state = &conn->state;
- zend_uchar * const buffer = pfc->cmd_buffer.length >= packet->auth_data_len? pfc->cmd_buffer.buffer : mnd_emalloc(packet->auth_data_len);
+ size_t total_packet_size = packet->auth_data_len + MYSQLND_HEADER_SIZE;
+ zend_uchar * const buffer = pfc->cmd_buffer.length >= total_packet_size? pfc->cmd_buffer.buffer : mnd_emalloc(total_packet_size);
zend_uchar * p = buffer + MYSQLND_HEADER_SIZE; /* start after the header */
DBG_ENTER("php_mysqlnd_change_auth_response_write");

8
SPECS/php.spec
View File

@ -62,7 +62,7 @@
Summary: PHP scripting language for creating dynamic web sites
Name: php
Version: %{upver}%{?rcver:~%{rcver}}
Release: 1%{?dist}
Release: 2%{?dist}
# All files licensed under PHP version 3.01, except
# Zend is licensed under Zend
# TSRM is licensed under BSD
@ -125,6 +125,7 @@ Patch51: php-8.0.13-crypt.patch
# Upstream fixes (100+)
# Security fixes (200+)
Patch200: php-CVE-2022-31626.patch
# Fixes for tests (300+)
# Factory is droped from system tzdata
@ -726,6 +727,7 @@ rm ext/openssl/tests/p12_with_extra_certs.p12
# upstream patches
# security patches
%patch200 -p1 -b .cve31626
# Fixes for tests
%patch300 -p1 -b .datetests
@ -1536,6 +1538,10 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
%changelog
* Wed Jun 22 2022 Remi Collet <rcollet@redhat.com> - 8.0.13-2
- fix password of excessive length triggers buffer overflow leading to RCE
CVE-2022-31626
* Wed Dec 15 2021 Remi Collet <rcollet@redhat.com> - 8.0.13-1
- rebase to 8.0.13 #2032429
- refresh configuration files from upstream